CVE-2023-6992 zlib, CVE-2023-42366 busybox #3355

Closed
lpetrazickisupgrade opened this issue Jun 13, 2024 · 1 comment · Fixed by #3364

Comments

@lpetrazickisupgrade
Contributor

lpetrazickisupgrade commented Jun 13, 2024

Describe the bug

Pyroscope 1.6.0 images are built on a version of Alpine 3.18 that ships a vulnerable version of zlib and busybox.

To Reproduce

Steps to reproduce the behavior:

  1. Scan Pyroscope image
  2. List CVEs

Expected behavior

Updated image without known vulnerable packages

Environment

  • Infrastructure: Kubernetes
  • Deployment tool: ArgoCD

Additional Context

simonswine added a commit to simonswine/pyroscope that referenced this issue Jun 19, 2024
simonswine added a commit to simonswine/pyroscope that referenced this issue Jun 21, 2024
github-actions bot pushed a commit that referenced this issue Jun 21, 2024
Fixes #3355

(cherry picked from commit b9a114e)
simonswine added a commit that referenced this issue Jun 21, 2024
Fixes #3355

(cherry picked from commit b9a114e)

Co-authored-by: Christian Simon <simon@swine.de>
@simonswine
Contributor

@lpetrazickisupgrade Thanks for letting us know. After Alpine was released, we cut a new release ourselves: https://github.com/grafana/pyroscope/releases/tag/v1.6.1
